eaemreaksu
Hello. I have been using my system for 3 years without any problems, but for the past week it has been blue-screening constantly. I'm about to lose my mind. I'm leaving the minidump file below; could anyone who has run into this problem before or knows what causes it help? I got 2 different blue screens, one yesterday and one today.
Minidump link: https://drive.google.com/file/d/1y2musDJ_aQQ3u3DQZfw6SjRa75vsDClW/view?usp=sharing
First minidump:
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
************* Waiting for Debugger Extensions Gallery to Initialize **************
----> Repository : LocalInstalled, Enabled: true, Packages count: 42
Microsoft (R) Windows Debugger Version 10.0.27704.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\101324-8250-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff806`19800000 PsLoadedModuleList = 0xfffff806`1a4134b0
Debug session time: Sun Oct 13 15:02:05.828 2024 (UTC + 3:00)
System Uptime: 0 days 1:37:09.420
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`19c14df0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa50f`8683eaa0=000000000000000a
1: kd> !analyze -v
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8063c625263, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for mouclass.sys
*** WARNING: Unable to verify timestamp for usbccgp.sys
*** WARNING: Unable to verify timestamp for klmouflt.sys
*** WARNING: Check Image - Checksum mismatch - Dump: 0x1a20e, File: 0x1d704 - C:\ProgramData\Dbg\sym\mouclass.sys\80F5995515000\mouclass.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1984
Key : Analysis.Elapsed.mSec
Value: 5944
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 265
Key : Analysis.Init.Elapsed.mSec
Value: 3397
Key : Analysis.Memory.CommitPeak.Mb
Value: 87
Key : Analysis.Version.DbgEng
Value: 10.0.27704.1001
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0xd1
Key : Bugcheck.Code.TargetModel
Value: 0xd1
Key : Dump.Attributes.AsUlong
Value: 1008
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: AV_mouclass!unknown_function
Key : Failure.Hash
Value: {e92a9fa0-2ddb-3078-1c3e-cad79d251917}
Key : Stack.Pointer
Value: NMI
BUGCHECK_CODE: d1
BUGCHECK_P1: 0
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: fffff8063c625263
FILE_IN_CAB: 101324-8250-01.dmp
DUMP_FILE_ATTRIBUTES: 0x1008
Kernel Generated Triage Dump
FAULTING_THREAD: ffffd2049f9a4040
WRITE_ADDRESS: fffff8061a51d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000000
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
DPC_STACK_BASE: FFFFA50F8683FFB0
TRAP_FRAME: ffffa50f8683ebe0 -- (.trap 0xffffa50f8683ebe0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffd204a04ae3c8
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8063c625263 rsp=ffffa50f8683ed78 rbp=ffffa50f8683ede8
r8=0000000000000180 r9=0000000000000000 r10=fffff80619a10060
r11=ffff84fdff800000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe nc
mouclass+0x5263:
fffff806`3c625263 0110 add dword ptr [rax],edx ds:00000000`00000000=????????
Resetting default scope
STACK_TEXT:
ffffa50f`8683ea98 fffff806`19c2ad29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffa50f`8683eaa0 fffff806`19c26189 : 00000000`00000020 00000000`0000004c ffffa50f`8683edc0 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffa50f`8683ebe0 fffff806`3c625263 : fffff806`3c531f00 00000000`00000001 ffffa50f`8683ee49 fffff806`19b2f5b0 : nt!KiPageFault+0x489
ffffa50f`8683ed78 fffff806`3c531f00 : 00000000`00000001 ffffa50f`8683ee49 fffff806`19b2f5b0 fffff806`3c6015ca : mouclass+0x5263
ffffa50f`8683ed80 00000000`00000001 : ffffa50f`8683ee49 fffff806`19b2f5b0 fffff806`3c6015ca fffff235`00000000 : usbccgp+0x1f00
ffffa50f`8683ed88 ffffa50f`8683ee49 : fffff806`19b2f5b0 fffff806`3c6015ca fffff235`00000000 00000000`00000000 : 0x1
ffffa50f`8683ed90 fffff806`19b2f5af : fffff806`3c6015ca fffff235`00000000 00000000`00000000 00000000`00000000 : 0xffffa50f`8683ee49
ffffa50f`8683ed98 fffff806`3c6015ca : fffff235`00000000 00000000`00000000 00000000`00000000 00000000`00000021 : nt!EtwpUpdateEventsLostCount+0x2b
ffffa50f`8683eda0 fffff235`00000000 : 00000000`00000000 00000000`00000000 00000000`00000021 fffff806`3c60c0c0 : klmouflt+0x15ca
ffffa50f`8683eda8 00000000`00000000 : 00000000`00000000 00000000`00000021 fffff806`3c60c0c0 00000000`00000002 : 0xfffff235`00000000
SYMBOL_NAME: mouclass+5263
MODULE_NAME: mouclass
IMAGE_NAME: mouclass.sys
STACK_COMMAND: .process /r /p 0xffffd20488cee040; .thread 0xffffd2049f9a4040 ; kb
BUCKET_ID_FUNC_OFFSET: 5263
FAILURE_BUCKET_ID: AV_mouclass!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e92a9fa0-2ddb-3078-1c3e-cad79d251917}
Followup: MachineOwner
---------
Second blue screen:
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
************* Waiting for Debugger Extensions Gallery to Initialize **************
----> Repository : LocalInstalled, Enabled: true, Packages count: 42
Microsoft (R) Windows Debugger Version 10.0.27704.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\101224-12828-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff802`5f400000 PsLoadedModuleList = 0xfffff802`600134b0
Debug session time: Sat Oct 12 22:25:17.053 2024 (UTC + 3:00)
System Uptime: 0 days 3:48:31.643
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0020a018). Type ".hh dbgerr001" for details
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`5f814df0 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffc68a`52975da0=00000000000000f7
16: kd> !analyze -v
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: ffffc68a529777b4, Actual security check cookie from the stack
Arg2: 000098049cf327e3, Expected security check cookie
Arg3: ffff67fb630cd81c, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1890
Key : Analysis.Elapsed.mSec
Value: 3012
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 250
Key : Analysis.Init.Elapsed.mSec
Value: 2401
Key : Analysis.Memory.CommitPeak.Mb
Value: 97
Key : Analysis.Version.DbgEng
Value: 10.0.27704.1001
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0xf7
Key : Bugcheck.Code.TargetModel
Value: 0xf7
Key : Dump.Attributes.AsUlong
Value: 1008
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
Key : Failure.Hash
Value: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
BUGCHECK_CODE: f7
BUGCHECK_P1: ffffc68a529777b4
BUGCHECK_P2: 98049cf327e3
BUGCHECK_P3: ffff67fb630cd81c
BUGCHECK_P4: 0
FILE_IN_CAB: 101224-12828-01.dmp
DUMP_FILE_ATTRIBUTES: 0x1008
Kernel Generated Triage Dump
FAULTING_THREAD: ffff910e87e57080
SECURITY_COOKIE: Expected 000098049cf327e3 found ffffc68a529777b4
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: sro_client.exe
TRAP_FRAME: fffff0f87c3e1000 -- (.trap 0xfffff0f87c3e1000)
Unable to read trap frame at fffff0f8`7c3e1000
Resetting default scope
STACK_TEXT:
ffffc68a`52975d98 fffff802`5f8fb5b5 : 00000000`000000f7 ffffc68a`529777b4 00009804`9cf327e3 ffff67fb`630cd81c : nt!KeBugCheckEx
ffffc68a`52975da0 fffff802`5f7d71e2 : ffffc68a`52975e88 ffffc68a`52976490 00000000`ce647fe3 8dbdbc24`40a2339d : nt!_report_gsfailure+0x25
ffffc68a`52975de0 fffff802`5f810876 : ffff910e`00000000 fffff802`5fba08ff fffff802`5f810834 ffffc68a`529761e0 : nt!_GSHandlerCheckCommon+0x5a
ffffc68a`52975e10 fffff802`5f820492 : ffffc68a`52976df8 ffffc68a`529763d0 ffffc68a`52976d00 00000000`00000000 : nt!_GSHandlerCheck_SEH+0x42
ffffc68a`52975e40 fffff802`5f62eac3 : ffffc68a`52977030 ffffc68a`52976df8 fffff802`5f7180d3 fffff802`5f4ddf18 : nt!RtlpExecuteHandlerForException+0x12
ffffc68a`52975e70 fffff802`5f71813e : ffffffff`ffffffff ffffc68a`52976ea0 ffffc68a`52976ea0 ffffc68a`52976610 : nt!RtlDispatchException+0x2f3
ffffc68a`529765e0 fffff802`5f82ae7c : fffff080`00000000 00000000`00000000 fffff0f8`7c3e1000 00000000`00000000 : nt!KiDispatchException+0x1ae
ffffc68a`52976cc0 fffff802`5f826163 : ffffc68a`52976f70 ffffc68a`52977078 00000000`0378fda0 fffff802`5f858ba7 : nt!KiExceptionDispatch+0x13c
ffffc68a`52976ea0 fffff802`5f7183da : 00000000`00000003 ffffc68a`529773e8 00000000`77c84770 00000000`0010005f : nt!KiPageFault+0x463
ffffc68a`52977030 fffff802`5f7180d3 : 00000000`00000000 ffffc68a`52977710 00000000`00000007 ffffc68a`529770a0 : nt!KeContextFromKframes+0x4a
ffffc68a`52977070 fffff802`5f82ae7c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x143
ffffc68a`529778c0 fffff802`5f82324e : 00000000`7a6f7b8e 00000000`00000000 ffffffff`ff676980 00000000`00000000 : nt!KiExceptionDispatch+0x13c
ffffc68a`52977aa0 00000000`7a711002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBreakpointTrap+0x34e
00000000`047dfef0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7a711002
SYMBOL_NAME: nt!_report_gsfailure+25
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.22621.4317
STACK_COMMAND: .process /r /p 0xffff910e915350c0; .thread 0xffff910e87e57080 ; kb
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
Followup: MachineOwner